diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b41af89a2..f1696c2eb 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -973,24 +973,13 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest. * * This is the generic wrapper for performing a PKCS#1 - * verification using the mode from the context. + * verification. * * \note For PKCS#1 v2.1 encoding, see comments on * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and * \p hash_id. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1008,7 +997,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b536b6615..c351113e0 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -90,8 +90,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, md_alg, + (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 25157d261..11c9ab29c 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -490,7 +490,6 @@ static psa_status_t rsa_verify_hash( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); ret = mbedtls_rsa_pkcs1_verify( rsa, - MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index ba164ffa9..4619f0207 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2414,15 +2414,12 @@ cleanup: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2432,13 +2429,13 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, hashlen, hash, sig ); #endif @@ -2705,8 +2702,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index bdbabb620..c6b313200 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -220,8 +220,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 0, hash, p ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); goto exit; diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 8f207c78b..6aca17134 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -140,8 +140,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256, + 20, hash, buf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); goto exit; diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 2e22bdd33..d1c0fc129 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -334,7 +334,7 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index ad8f319e4..0983a4232 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -199,7 +199,7 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -244,9 +244,9 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, hash_len = message_str->len; } - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, - msg_digest_id, hash_len, hash_result, - result_str->x ) == result_simple ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, msg_digest_id, + hash_len, hash_result, + result_str->x ) == result_simple ); TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 764d21a95..112c4fc7b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -281,22 +281,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) ); @@ -485,7 +481,7 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -564,7 +560,7 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );